Anti keylog editor of activex base

ABSTRACT

A security program has an ActiveX format for web browsers and application programs, and comprises a software security input window for preventing leakage of keyboard data without an additional hardware device but rather by using a conventional keyboard. Therefore, the present invention protects keyboard data on the web browsers or application programs.

This is a nationalization of PCT/KR02/01158 filed Jun. 20, 2002 and published in English.

TECHNICAL FIELD

A security program has an ActiveX format for web browsers and application programs, and comprises a software security input window for preventing leakage of keyboard data without an additional hardware device but rather by using a conventional keyboard. Therefore, the present invention protects keyboard data on the web browsers or application programs.

BACKGROUND OF THE INVENTION

(a) Field of the Invention

The present invention relates to an apparatus and a method for protecting keyboard data inputted by a user. More specifically, the present invention relates to an apparatus and a method for preventing leakage of the keyboard data using a security program.

(b) Description of the Related Art

Conventional techniques of keyboard data security on the Internet include a product “Kis” released by Safetek (www.esafetek.com) in January 2001, and keyboard data input means (or methods) such as a Java-based virtual keyboard other than a conventional keyboard system. However, since the former protects keyboard data on a hardware basis, it requires an additional device, and it is accordingly difficult to apply to a general-purpose service such as the Internet; the latter, that is, security using a keyboard data input means other than the conventional keyboard, is not widely used because of users' lack of skill and the inconvenience involved. Hence, even though it is urgently required to secure keyboard data comprising important personal information on the Internet, no general-purpose products have been provided to the market.

According to the present invention, the input data from a conventional keyboard are securely processed.

SUMMARY OF THE INVENTION

It is an object of the present invention to prevent keyboard data leakages from hacking when a user inputs personal information, writes electronic mail, or produces a document on the Internet or a network system.

To accomplish the present invention, a keyboard data protecting function and a web browser supporting function are required.

In order to perform keyboard data security, first, when a scan code, which is caused by user key input, is transmitted to a keyboard device driver from the keyboard hardware, leakage of the scan code remaining at the I/O port 60H must be prevented. However, since general application programs may not properly control the leakage because of their hardware properties and the Windows properties, a virtual device driver (VxD) accessible to Ring 0 is to be used to prevent the above-noted leakage.

Second, while the keyboard device driver converts the scan code into keyboard data and transmits the same to a system message queue, the converted keyboard data must not be leaked by external programs including API hooking and message hooking. However, since this process may not be protected through the Windows default operating system (USER.EXE) by general methods, another keyboard entry method that does not use the Windows default system should be supported.

Third, data leakage during the process of transmitting the keyboard data to a desired application program must be prevented. Hackers may hook or monitor the APIs or messages used by the application programs to leak the keyboard data. Therefore, a technique for securely transmitting the keyboard data to the application program is to be created.

In order to use the keyboard data on the web browser, first, it is needed for a security input window to be described using HTML documents supported by the web browser. Since the security input window does not follow the Windows default keyboard operating system, it is to be realized through a specific method in cooperation with the web browser.

Second, it is required to support low level tasks including communication with a virtual device driver (VxD) on the web browser, and controlling hardware, because the security input window according to the present invention uses a security keyboard driver and directly controls the hardware keyboard to realize the security input window.

BRIEF DESCRIPTION OF THE DRAWINGS

The accompanying drawings, which are incorporated in and constitute a part of the specification, illustrate an embodiment of the invention, and, together with the description, serve to explain the principles of the invention:

FIG. 1 shows a whole configuration of a keyboard data security system according to a preferred embodiment of the present invention;

FIG. 2 shows a keyboard data flowchart of a security input window according to a preferred embodiment of the present invention;

FIG. 3 shows a data flowchart between a security keyboard driver and the ActiveX according to a preferred embodiment of the present invention;

FIG. 4 shows a web browser to which a security input window is applied according to a preferred embodiment of the present invention; and

FIG. 5 shows an exemplified HTML source to which a security input window is applied according to a preferred embodiment of the present invention.

DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENTS

In the following detailed description, only the preferred embodiment of the invention has been shown and described, simply by way of illustration of the best mode contemplated by the inventor(s) of carrying out the invention. As will be realized, the invention is capable of modification in various obvious respects, all without departing from the invention. Accordingly, the drawings and description are to be regarded as illustrative in nature, and not restrictive.

The basic operation principle according to a preferred embodiment of the present invention on the web browsers is to not use the Microsoft Windows standard keyboard process, but rather to use a security keyboard driver and a security input window to securely transmit the keyboard data input by the user to a web browser. Also, the keyboard security of the present invention prevents the user's key input data from being stolen by a hacker. The user's key input data stored (more accurately, latched) in a buffer of the keyboard hardware are immediately modified. In the present invention, the keyboard hardware means a keyboard controller; however, it can be a device that includes a data latch unit for temporarily storing the user's key input data, which are usually stored as a scan code therein. In the computer system, the user's key input data are transferred to a CPU via the latch unit of an I/O port which is provided for the keyboard controller, such as a controller 8255 (hereinafter referred to as “keyboard hardware”).

FIG. 1 shows a whole configuration of a keyboard data security system, applied to a web browser, according to a preferred embodiment of the present invention.

First, the conventional keyboard processing of Microsoft Windows will be described. Electrical signals generated from a keyboard are provided to a keyboard hardware 101 of the motherboard, they are represented in scan codes, and they are provided to a virtual keyboard driver (VKD) 102. The keyboard driver is used as a virtual driver in Windows 98; however, this may be another keyboard driver in other operating systems. The scan codes, which differ depending on the keyboard type, are converted by the VKD 102 into a keyboard message used as the standard of the operating system. The keyboard messages stored in a system message queue 103 are transmitted to a virtual machine (VM) currently activated by USER.EXE, which is a Ring 3 component of the operating system. The keyboard data stored in the VM are transmitted to a web browser 105 through a thread message queue 103 to perform a key input task. Finally, the keyboard data stored in the VM are transmitted to a web server 106 through the web browser 105.

However, the key input task of the security input window according to a preferred embodiment of the present invention is realized in such a manner that a security keyboard driver, differing from the above-noted conventional keyboard processing, is driven.

According to the principle of the key input security task in a security input window, electrical signals generated from the keyboard are provided to the keyboard hardware 101 of the motherboard, they are represented in scan codes, and they are provided to a virtual keyboard driver (VKD) 102. After this, the virtual keyboard driver 102 calls VKD_Filter_Keyboard_Input, which represents a hooking function (a user redefinition function) for user-defined key management. When a carry flag is set and returned from the hooking function called by the virtual keyboard driver 102, the virtual keyboard driver 102 ignores the keyboard message and aborts subsequent keyboard message processing. The hooking function in the security keyboard driver stores the keyboard data in its queue, sets a carry, and returns the carry. Therefore, the keyboard message is not transmitted to a system message queue, a thread message queue, or a web browser, thereby preventing leakage of the keyboard data through message hooking. In this instance, the hooking function is provided to and managed by the security keyboard driver.

The security keyboard driver redefines VKD_Filter_Keyboard_Input to prevent message hooking. However, the scan code remains in the keyboard hardware of the motherboard after the above-noted task. Scan code trace data may not be erased through a general method because of properties of the keyboard hardware. Hence, the keyboard hardware is controlled so as to erase the scan code trace data remaining in the keyboard hardware.

As to the method for erasing the trace data, when the hooking function is executed, VKD_Filter_Keyboard_Input of the security keyboard driver is called and a general control command (keyboard enable signal [F4H]) is issued and output to the keyboard hardware through the port 60H. The control command, such as the keyboard enable signal [F4H], is a control signal that does not have an effect on the user's key input, and the control signal can be selected from instructions that make the keyboard hardware, a CPU or other devices incorporated in the computer system issue meaningless data. The keyboard data stored in the buffer are modified into the meaningless data under the control of the control command. Accordingly, since the key input data stored in the output buffer are modified immediately after the previously input data have been processed, the user's key input data are securely protected. Actually, since the key input data stored in the output buffer are not modified or erased directly, in the present invention the modification is carried out by inputting into the buffer newly produced meaningless data regardless of the user's key input data. When receiving the control command from a CPU, the keyboard hardware initializes itself, enabling the keyboard, outputs an acknowledgement (FAh) for the initialization to the CPU in response to the control command, and then erases the keyboard data stored in the output buffer of the port 60H. In this process, the keyboard data stored in the output buffer of the port 60H of the keyboard hardware are erased, the trace data of the port 60H are changed to another value, FAh, and accordingly the scan code trace data are erased. By using this process, keyboard data hacking using a keyboard port is prevented.

As a result, the keyboard data remaining in the output buffer of the keyboard hardware, more particularly in an output buffer (port 60H) of the keyboard hardware, are modified into the acknowledgement (FAh), which is different from and regardless of the previously stored keyboard data. For example, the keyboard hardware can modify the keyboard data stored in the buffer therein in response to the control command from a CPU, by altering the keyboard data into other data and erasing them. The altered data means specific data, which can be the acknowledgement signal from the keyboard hardware, as set forth above, or other specific data. In the case of the specific data, they can come from the CPU together with the control command when the security keyboard driver is driven. Alternatively, the data to be modified can individually come from the CPU, the keyboard hardware itself, or other devices if they are provided to the output buffer in the keyboard hardware in response to the control command. Also, it is possible to use an echo signal, as a response signal to the control command, which is issued in the keyboard hardware itself after the keyboard data are outputted.

As to the method for transmitting the keyboard data stored in the keyboard data queue of the security keyboard driver to the security input window 110 having the ActiveX format, states of the queue of the security keyboard driver are periodically monitored by the security input window to receive the stored keyboard data. When receiving the keyboard data, the security input window converts the keyboard data of a scan code format into characters to store them, and displays them on a screen for the user to check input states.

When the user inputs data in the security input window and presses one of a transmit button and a check button to go to a next task, the web browser 112 refers to data properties 111 of the security input window through scripts to proceed to perform tasks assigned by the scripts.

FIG. 2 shows a flowchart for interface and management between a virtual keyboard driver and a security keyboard driver. When a user presses a keyboard button, the keyboard hardware receives keyboard data from the keyboard to generate a keyboard interrupt and call a virtual keyboard driver in step S201. The called virtual keyboard driver reads a value of the port 60H storing the keyboard data, stores it in a predetermined register, and calls a hooking function S210 of VKD_Filter_Keyboard_Input. The hooking function S210, representing a function that the security keyboard driver has, determines whether the security keyboard driver is activated or not S204, and the hooking function S210 is terminated when the security keyboard driver is not activated. When the security keyboard driver is activated, it erases the keyboard data traces of the keyboard port 60H using the above-noted method S205 and stores the keyboard data in its queue S206. It then sets a carry flag S207 so that the virtual keyboard driver may not use the keyboard data, and it is terminated.

When calling the hooking function, the virtual keyboard driver checks the carry flag to perform the existing virtual keyboard driver job or ignore the input keyboard data (S208 and S209).
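To make the FIG. 2 procedure concrete, here is a user-space C simulation added for this page (it is not code from the patent). Port 60H, the F4H enable command and the FAh acknowledgement are taken from the text; the controller model, the queue size and all function names are assumptions, and a real implementation would live in a Ring 0 VxD rather than in this stand-in. It shows that after a key press with the driver active, a later read of the port 60H latch returns FAh and the scan code reaches only the security driver's queue.

```c
/* Added example, not the patent's code: simulation of the scan-code trace erase of FIG. 2.
 * The keyboard controller, the VKD interrupt path and the security driver's hook are
 * modelled in user space; F4/FA and port 60H are from the page, the rest is constructed. */
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define KBD_CMD_ENABLE 0xF4   /* "keyboard enable" control command (F4H on the page)   */
#define KBD_ACK        0xFA   /* acknowledgement the keyboard returns (FAh on the page) */
#define QUEUE_SIZE     64

/* Simulated keyboard hardware: only the output buffer latch behind port 60H matters.
 * Reading it does not clear it; only the controller writing a new byte changes it. */
typedef struct { uint8_t port60; } kbd_hw_t;

static uint8_t hw_read_port60(const kbd_hw_t *hw) { return hw->port60; }

/* The CPU writes a command into the input buffer; the keyboard answers with ACK, which
 * the controller latches into the output buffer, overwriting the old scan code. */
static void hw_write_command(kbd_hw_t *hw, uint8_t cmd) {
    if (cmd == KBD_CMD_ENABLE) hw->port60 = KBD_ACK;   /* only F4 is modelled here */
}

/* Security keyboard driver: activation flag plus its private scan-code queue. */
typedef struct {
    bool activated;
    uint8_t queue[QUEUE_SIZE];
    int head, tail;
} sec_driver_t;

/* Stand-in for the redefined VKD_Filter_Keyboard_Input hook (S210).
 * Returns true to model "carry flag set": the VKD must drop this key. */
static bool filter_keyboard_input(sec_driver_t *drv, kbd_hw_t *hw, uint8_t scan_code) {
    if (!drv->activated) return false;          /* S204: inactive, leave Windows path alone */
    hw_write_command(hw, KBD_CMD_ENABLE);       /* S205: erase the trace in port 60H        */
    drv->queue[drv->tail] = scan_code;          /* S206: keep the key in the driver's queue */
    drv->tail = (drv->tail + 1) % QUEUE_SIZE;
    return true;                                /* S207: set carry                          */
}

/* Simulated VKD interrupt handler (S201-S209). Returns the scan code handed on to the
 * system message queue, or -1 when the hook consumed it. */
static int vkd_keyboard_interrupt(kbd_hw_t *hw, sec_driver_t *drv) {
    uint8_t scan_code = hw_read_port60(hw);     /* S202/S203: read port 60H into a register */
    if (filter_keyboard_input(drv, hw, scan_code)) return -1;   /* S208: carry set, ignore */
    return scan_code;                                           /* S209: normal processing */
}

/* What the security input window obtains through its DeviceIoControl polling (FIG. 3). */
static int sec_driver_pop(sec_driver_t *drv) {
    if (drv->head == drv->tail) return -1;
    uint8_t sc = drv->queue[drv->head];
    drv->head = (drv->head + 1) % QUEUE_SIZE;
    return sc;
}

/* One key press from a fresh state: the byte a later reader of port 60H would see, what
 * reaches the Windows message path, and what the security input window receives. */
typedef struct { int port60_after; int to_windows; int to_secure_window; } keypress_result_t;

static keypress_result_t simulate_keypress(bool activated, uint8_t scan_code) {
    kbd_hw_t hw = { 0 };
    sec_driver_t drv = { .activated = activated };
    keypress_result_t r;
    hw.port60 = scan_code;                      /* controller latches the scan code, IRQ1 */
    r.to_windows = vkd_keyboard_interrupt(&hw, &drv);
    r.port60_after = hw_read_port60(&hw);       /* what a port-polling reader sees afterwards */
    r.to_secure_window = sec_driver_pop(&drv);
    return r;
}

/* Accessors so each observable can be checked on its own. */
static int port60_after_keypress(bool on, uint8_t sc) { return simulate_keypress(on, sc).port60_after; }
static int windows_receives(bool on, uint8_t sc)      { return simulate_keypress(on, sc).to_windows; }
static int secure_window_receives(bool on, uint8_t sc){ return simulate_keypress(on, sc).to_secure_window; }

int main(void) {
    const uint8_t scan_a = 0x1E;   /* make code of the 'A' key (constructed sample input) */
    for (int on = 0; on <= 1; on++) {
        keypress_result_t r = simulate_keypress(on, scan_a);
        printf("driver %s: port 60H=%02X  windows=%d  secure window=%d\n",
               on ? "on " : "off", r.port60_after, r.to_windows, r.to_secure_window);
    }
    return 0;
}
```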

FIG. 3 shows a flowchart for processing keyboard data through an interface between a security input window and a security keyboard driver. The security input window uses a timer to periodically communicate (function DeviceIoControl) with the security keyboard driver in step S301 to receive security keyboard data in step S303. After receiving the security keyboard data based on the determination S302, the security input window displays or stores the security keyboard data S304.

FIG. 4 shows an exemplified web browser 405 to which a security input window 404 is applied, referring to the HTML codes of FIG. 5. Referring to FIG. 4, when a user uses a keyboard 401 to input a web address in the security input window 404 of the browser 405 through the security driver 403 or the virtual keyboard driver 402, and presses a button 406, the user is linked to the corresponding web page.

FIG. 5 shows the security input window 501 represented in HTML code format and the process of the keyboard data input to the security input window in the HTML format.

The description of the security input window in the HTML format is performed according to the ActiveX format, and the data reference of the security input window follows the ActiveX property format.

The security input window as shown in the subsequent example 502 is expressed as the OBJECT in the HTML codes.

<OBJECT classid="clsid:C1BF8F0F-05BA-497C-AEDA-F377E0867B3C" name="akl1"
        codebase="http://localhost/AKLEditXControl.cab#version=1,0,89,9"
        width=350 height=23 align=center hspace=0 vspace=0>
  <param name="Value" value="www.yahoo.com">
  <param name="Border" value="2">
  <param name="BorderLeftcolor" value="0">
  <param name="BorderRightcolor" value="0">
  <param name="BorderTopcolor" value="0">
  <param name="BorderBottomcolor" value="0">
  <param name="BorderStyle" value="1">
  <param name="Font" value="MS Sans Serif">
  <param name="Size" value="56">
</OBJECT>

(Reference document: http://msdn.microsoft.com/workshop/author/dhtml/reference/objects/OBJECT.asp)

The next exemplar 501 describes a method for referring to the keyboard data input to the security input window in the HTML codes.

<script language="javascript">
function geturl() {
    // akl1 is the OBJECT above; its Value property holds the text typed into the security input window
    var ak = "http://" + akl1.value;
    window.open(ak);
}
</script>

In the above codes, akl1.value is called to refer to the data of the security input window.

1. The preferred embodiment of the present invention protects the keyboard data input by a user on the Internet to increase the reliability of Internet-related industries and activate the industries.

Internet tasks including Internet banking, Internet games, web mail, web contents, and security document composition basically require a user to use a keyboard. Leaked keyboard data may cause great confusion and damage to the Internet tasks of companies.

Therefore, the use of the security key input window prevents leakages of the keyboard data to improve the reliability of Internet business and to activate the Internet business, and it will reduce direct loss and damage caused by the leakage of the keyboard data.

2. The preferred embodiment does not handle malicious programs in the manner of vaccine programs, but it copes with hacking, and hence the preferred embodiment protects the user's keyboard data against new programs and undetected hacking programs.

3. Hackers may not steal the keyboard data using existing hacking tools if they have no new hacking techniques, which reduces the hackers' fields of action.

4. The preferred embodiment provides a software security system, and it recovers the security level through an immediate improvement when the security level of the system is lowered, thereby increasing the reliability of keyboard data security and obtaining Internet business related reliability.

While this invention has been described in connection with what is presently considered to be the most practical and preferred embodiment, it is to be understood that the invention is not limited to the disclosed embodiments, but, on the contrary, is intended to cover various modifications and equivalent arrangements included within the spirit and scope of the appended claims. The word ‘comprising’ and forms of the word ‘comprising’ as used in this description and in the claims do not limit the invention claimed to exclude any variants or additions.

1. A method of protecting keyboard data inputted by a user in a computer, comprising: receiving scan code data based on keyboard data inputted by a user, wherein the received scan code data are latched in an I/O port of a keyboard hardware; executing an input routine through a virtual keyboard driver to read the scan code data from the I/O port, wherein the latched scan code data remains in the I/O port after the scan code data are read from the I/O port; transmitting, through a security keyboard driver, a control command to the keyboard hardware; and receiving from the keyboard hardware a response signal that replaces the scan code data in the I/O port, the response signal being generated in response to the control command, wherein transmitting the control command to the keyboard hardware is performed after each keyboard data input.

2. The method of claim 1, wherein the control command comprises an enable command for enabling a keyboard.

3. The method of claim 2, wherein transmitting the control command to the keyboard hardware comprises transmitting the enable command to the keyboard which has already been initially enabled.

4. The method of claim 2, wherein the response signal comprises an acknowledgement signal for acknowledging receipt of the enable command.

5. The method of claim 1, wherein the control command comprises F4.

6. The method of claim 1, wherein the I/O port comprises an input buffer and an output buffer, wherein the received scan code data are latched in the output buffer and the control command is transmitted to the input buffer.

7. The method of claim 1, further comprising: calling a hooking function for preventing the scan code data from transmitting to a system message queue or a thread message queue of the computer; and transmitting the scan code data to an input program to be secured.

8. A method of protecting keyboard data inputted by a user in a computer having a keyboard hardware, the keyboard hardware comprising an I/O port having an input buffer and an output buffer, the method comprising: receiving scan code data based on keyboard data inputted by the user, wherein the scan code data are latched in the output buffer of the I/O port; executing an interrupt routine to fetch the scan code data from the output buffer to a CPU of the computer, wherein the latched scan code data remains in the output buffer after the latched scan code data are read from the output buffer; transmitting a control command to the keyboard hardware through the input buffer of the I/O port; and receiving from the keyboard hardware a response signal generated in response to the control command, wherein the keyboard hardware is configured to transmit the response signal to the output buffer of the I/O port, wherein the response signal replaces the scan code data remaining in the output buffer of the I/O port, and wherein transmitting the control command to the keyboard hardware is performed after each keyboard data input.

9. The method of claim 8, wherein the control command comprises an enable command for enabling a keyboard.

10. The method of claim 9, wherein transmitting the control command to the keyboard hardware comprises transmitting the control command to the keyboard which has already been initially enabled.

11. The method of claim 9, wherein the response signal comprises an acknowledgement signal for acknowledging receipt of the enable command.

12. The method of claim 8, wherein the control command comprises F4.

13. The method of claim 8, further comprising: calling a hooking function for preventing the scan code data from transmitting to a system message queue or a thread message queue of the computer; and transmitting the scan code data stored in the security keyboard driver to an input program to be secured.

14. A computer system for protecting keyboard data inputted by a user, comprising: a keyboard hardware configured to process keyboard data inputted by a user, the keyboard hardware comprising an I/O port; and a CPU comprising: a keyboard driver configured to fetch scan code data from the I/O port when an interrupt routine is initiated; and a security keyboard driver configured to send a control command to the I/O port after the keyboard driver fetches the scan code data from the I/O port, wherein the keyboard hardware is configured to receive the control command from the security keyboard driver of the CPU and generate a response signal in response to the control command after each keyboard data input, and wherein the keyboard hardware is configured to transmit the response signal to the CPU through the I/O port to replace the scan code data in the I/O port.

15. The computer system of claim 14, wherein the control command comprises an enable command for enabling a keyboard.

16. The computer system of claim 15, wherein the keyboard is already enabled prior to receiving the enable command.

17. The computer system of claim 15, wherein the response signal from the keyboard comprises an acknowledgement signal for acknowledging receipt of the enable command.

18. The computer system of claim 14, wherein the control command comprises F4.

19. The computer system of claim 14, wherein the I/O port comprises an input buffer and an output buffer, wherein the scan code data inputted by the user are latched in the output buffer, and wherein the control command from the security keyboard driver is inputted through the input buffer.

20. The computer system of claim 14, wherein the security keyboard driver is configured to perform a hooking function for preventing the keyboard data from transmitting to a system message queue or a thread message queue.

21. A computer system comprising a non-transitory computer useable medium having a security program embodied therein for protecting keyboard data inputted by a user, the security program comprising: a keyboard driver configured to fetch scan code data stored in an I/O port of a keyboard hardware to a CPU when an interrupt routine is initiated; and a security keyboard driver configured to send a control command to the keyboard hardware after the keyboard driver fetches the scan code data from the I/O port, the control command being configured to cause the keyboard hardware to generate a response signal, wherein the response signal replaces the scan code data stored in the I/O port, and wherein the security keyboard driver is configured to send the control command to the keyboard hardware after each keyboard data input.

22. The computer system of claim 21, wherein the control command comprises an enable command for enabling a keyboard.

23. The computer system of claim 22, wherein the keyboard is already enabled prior to receiving the enable command.

24. The computer system of claim 22, wherein the response signal from the keyboard comprises an acknowledgement signal for acknowledging receipt of the enable command.

25. The computer system of claim 21, wherein the control command comprises F4.

26. The computer system of claim 21, wherein the I/O port comprises an input buffer and an output buffer, wherein the scan code data are stored in the output buffer, and wherein the control command is sent to the input buffer.

27. The computer system of claim 21, wherein the security keyboard driver is configured to perform a hooking function for preventing the scan code data from transmitting to a system message queue or a thread message queue.

28. The computer system of claim 27, wherein the security keyboard driver is configured to store the scan code data and transmit the stored scan code data to an input program to be secured.

29. A non-transitory computer readable medium in a computer having a processor that stores instructions for executing a method for protecting keyboard data in the computer, the method comprising: receiving scan code data based on keyboard data inputted by a user, wherein the scan code data are latched in an I/O port of a keyboard hardware; executing an input routine through a virtual keyboard driver to read the scan code data from the I/O port, wherein the scan code data remains in the I/O port after the scan code data are read from the I/O port; transmitting, through a security keyboard driver, a control command to the keyboard hardware after each keyboard data is inputted by the user; and receiving from the keyboard hardware a response signal that replaces the latched scan code data in the I/O port, the response signal being generated in response to the control command.

30. The medium of claim 29, wherein the control command comprises an enable command for enabling a keyboard.

31. The medium of claim 30, wherein transmitting the control command to the keyboard hardware comprises transmitting the enable command to the keyboard which has already been initially enabled.

32. The medium of claim 30, wherein the response signal comprises an acknowledgement signal for acknowledging receipt of the enable command.

33. The medium of claim 29, wherein the I/O port comprises an input buffer and an output buffer, wherein the scan code data are latched in the output buffer and the control command is transmitted to the input buffer.

34. The medium of claim 29, wherein the method further comprises: calling a hooking function for preventing the scan code data from transmitting to a system message queue or a thread message queue of the computer; and transmitting the scan code data stored in the security keyboard driver to an input program to be secured.

35. In a computer having a keyboard hardware comprising an I/O port for communicating with a CPU, the I/O port comprising an input buffer and an output buffer, the output buffer being configured such that scan code data latched therein cannot be erased directly by a CPU but remains in the output buffer unless another data are inputted from the keyboard hardware to replace the latched scan code data, a method of protecting keyboard data inputted by a user, comprising: receiving scan code data based on keyboard data inputted by a user, wherein the received scan code data are latched in the output buffer of the I/O port; reading, through a virtual keyboard driver, the scan code data from the output buffer of the I/O port; transmitting, through a security keyboard driver, a control command to the keyboard hardware after reading the scan code data; and receiving from the keyboard hardware a response signal for replacing the scan code data in the I/O port, wherein the response signal is generated in response to the control command, wherein transmitting the control command to the keyboard hardware is performed after each keyboard data input.

36. The method of claim 35, wherein the control command comprises an enable command for enabling a keyboard.

37. The method of claim 36, wherein transmitting the control command to the keyboard hardware comprises transmitting the enable command to the keyboard which has already been enabled.

38. The method of claim 36, wherein the response signal comprises an acknowledgement signal for acknowledging receipt of the enable command.

39. The method of claim 35, further comprising: calling a hooking function for preventing the scan code data from transmitting to a system message queue or a thread message queue of the computer; and transmitting the scan code data to an input program to be secured.